1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 6 #define CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 7 8 #include <string> 9 #include <vector> 10 11 #include "base/basictypes.h" 12 #include "base/compiler_specific.h" 13 #include "base/files/file_path.h" 14 #include "base/memory/scoped_ptr.h" 15 #include "base/memory/weak_ptr.h" 16 #include "chrome/browser/policy/cloud/cloud_policy_validator.h" 17 #include "chrome/browser/policy/cloud/user_cloud_policy_store_base.h" 18 #include "chromeos/dbus/dbus_method_call_status.h" 19 20 namespace chromeos { 21 class CryptohomeClient; 22 class SessionManagerClient; 23 } 24 25 namespace policy { 26 27 class LegacyPolicyCacheLoader; 28 29 // Implements a cloud policy store backed by the Chrome OS' session_manager, 30 // which takes care of persisting policy to disk and is accessed via DBus calls 31 // through SessionManagerClient. 32 // 33 // Additionally, this class drives legacy UserPolicyTokenCache and 34 // UserPolicyDiskCache instances, migrating policy from these to session_manager 35 // storage on the fly. 36 class UserCloudPolicyStoreChromeOS : public UserCloudPolicyStoreBase { 37 public: 38 UserCloudPolicyStoreChromeOS( 39 chromeos::CryptohomeClient* cryptohome_client, 40 chromeos::SessionManagerClient* session_manager_client, 41 const std::string& username, 42 const base::FilePath& user_policy_key_dir, 43 const base::FilePath& legacy_token_cache_file, 44 const base::FilePath& legacy_policy_cache_file); 45 virtual ~UserCloudPolicyStoreChromeOS(); 46 47 // CloudPolicyStore: 48 virtual void Store( 49 const enterprise_management::PolicyFetchResponse& policy) OVERRIDE; 50 virtual void Load() OVERRIDE; 51 52 // Loads the policy synchronously on the current thread. 53 void LoadImmediately(); 54 55 private: 56 // Starts validation of |policy| before storing it. 57 void ValidatePolicyForStore( 58 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 59 60 // Completion handler for policy validation on the Store() path. 61 // Starts a store operation if the validation succeeded. 62 void OnPolicyToStoreValidated(UserCloudPolicyValidator* validator); 63 64 // Called back from SessionManagerClient for policy store operations. 65 void OnPolicyStored(bool); 66 67 // Called back from SessionManagerClient for policy load operations. 68 void OnPolicyRetrieved(const std::string& policy_blob); 69 70 // Starts validation of the loaded |policy| before installing it. 71 void ValidateRetrievedPolicy( 72 scoped_ptr<enterprise_management::PolicyFetchResponse> policy); 73 74 // Completion handler for policy validation on the Load() path. Installs the 75 // policy and publishes it if validation succeeded. 76 void OnRetrievedPolicyValidated(UserCloudPolicyValidator* validator); 77 78 // Callback for loading legacy caches. 79 void OnLegacyLoadFinished( 80 const std::string& dm_token, 81 const std::string& device_id, 82 Status status, 83 scoped_ptr<enterprise_management::PolicyFetchResponse>); 84 85 // Completion callback for legacy policy validation. 86 void OnLegacyPolicyValidated(const std::string& dm_token, 87 const std::string& device_id, 88 UserCloudPolicyValidator* validator); 89 90 // Installs legacy tokens. 91 void InstallLegacyTokens(const std::string& dm_token, 92 const std::string& device_id); 93 94 // Removes the passed-in legacy cache directory. 95 static void RemoveLegacyCacheDir(const base::FilePath& dir); 96 97 // Invokes |callback| after reloading |policy_key_|. 98 void ReloadPolicyKey(const base::Closure& callback); 99 100 // Reads the contents of |path| into |key|. 101 static void LoadPolicyKey(const base::FilePath& path, 102 std::vector<uint8>* key); 103 104 // Callback for the key reloading. 105 void OnPolicyKeyReloaded(std::vector<uint8>* key, 106 const base::Closure& callback); 107 108 // Invokes |callback| after creating |policy_key_|, if it hasn't been created 109 // yet; otherwise invokes |callback| immediately. 110 void EnsurePolicyKeyLoaded(const base::Closure& callback); 111 112 // Callback for getting the sanitized username from |cryptohome_client_|. 113 void OnGetSanitizedUsername(const base::Closure& callback, 114 chromeos::DBusMethodCallStatus call_status, 115 const std::string& sanitized_username); 116 117 chromeos::CryptohomeClient* cryptohome_client_; 118 chromeos::SessionManagerClient* session_manager_client_; 119 const std::string username_; 120 base::FilePath user_policy_key_dir_; 121 122 base::WeakPtrFactory<UserCloudPolicyStoreChromeOS> weak_factory_; 123 124 // TODO(mnissler): Remove all the legacy policy support members below after 125 // the number of pre-M20 clients drops back to zero. 126 base::FilePath legacy_cache_dir_; 127 scoped_ptr<LegacyPolicyCacheLoader> legacy_loader_; 128 bool legacy_caches_loaded_; 129 130 bool policy_key_loaded_; 131 base::FilePath policy_key_path_; 132 std::vector<uint8> policy_key_; 133 134 DISALLOW_COPY_AND_ASSIGN(UserCloudPolicyStoreChromeOS); 135 }; 136 137 } // namespace policy 138 139 #endif // CHROME_BROWSER_CHROMEOS_POLICY_USER_CLOUD_POLICY_STORE_CHROMEOS_H_ 140